IT40 News for 10/18/2018

Share Now

#37 Facebook reportedly believes spammers were behind massive hack

Facebook has tentatively concluded that spammers masquerading as a digital marketing company were behind the massive security breach revealed last month, and not hackers working for a nation-state, the Wall Street Journal reported late Wednesday.

Facebook has been investigating the hack, which it calls the biggest security breach in its history, since its discovery on Sept. 25. The social network originally suspected as many as 50 million user accounts were affected but now believes it compromised the personal information for 29 million users, including phone numbers and email addresses.

The breach stemmed from a vulnerability in Facebook's "view as" feature, which lets people see what their profiles look like to other people. Attackers exploited code associated with the feature that allowed them to steal "access tokens" that could be used to take over people's accounts. The attackers also used a technique that let them steal access tokens from the friends of the accounts they already controlled, expanding their reach.

Facebook has said it's working with the FBI, which asked it not to discuss who might be behind the attack or whether they were targeting anyone in particular. But it's also said there's no reason to believe the breach was related to the upcoming US midterm elections.

The company declined to comment on the hack Wednesday, reiterating comments made Friday by Guy Rosen, Facebook vice president of product management.